Policy Plug-In APIs

The Policy plug-in classes are contained in the com.sun.identity.policy.interfaces package. The following classes are used by service developers
and policy administrators who need to provide additional policy features
as well as support for legacy policies.

ResourceName

Provides methods to determine the hierarchy of the
resource names for a determined service type. For example, these methods
can check to see if two resources names are the same or if one is
a sub-resource of the other.

Subject

Defines methods that can determine if an authenticated
user (possessing an SSOToken) is a member of the
given subject.

Referral

Defines methods used to delegate the policy definition
or evaluation of a selected resource (and its sub-resources) to another
realm or policy server.

Condition

Provides methods used to constrain a policy to , for
example, time-of-day or IP address. This interface allows the pluggable
implementation of the conditions.

PolicyListener

Defines an interface for registering policy events
when a policy is added, removed or changed. PolicyListener is
used by the Policy Service to send notifications and by listeners
to review policy change events.